CVE-2026-55058 is a Microsoft Excel remote code execution vulnerability caused by an out-of-bounds read. Microsoft rates it at CVSS v3.1 7.8 (High) with a temporal score of 6.8. The attack vector is local (AV:L), attack complexity is low, privileges required are none, and user interaction is required. Microsoft says the issue is not publicly disclosed and not exploited, with exploit code maturity unproven. The practical enterprise risk is lower than a network-reachable, no-interaction issue because exploitation requires a user to open a malicious Office file on the local machine. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; local attack vector (AV:L), LOW complexity, NO privileges required, and UI:R indicate user-dependent local exploitation rather than direct network attack. - Severity for enterprise: High severity in CVSS terms, but enterprise risk is moderated by the local vector and required user interaction; phishing-style delivery via a malicious Office file is relevant. - Patch status: available; customer action required. Affected systems: - Not listed in source data.